Daemon Group Accounts
On Friday 16 May 2008, King Spook wrote:
> I was looking at my users and groups on my box, and I realized that
> certain services add user accounts with specific UIDs, but then just
> gets the next GID for it's corresponding group. I know I,
> personally, would like to have the UIDs and GIDs match (and I spent
> the time with usermod, groupmod, and find fixing it so it was).
> I was wondering if there was any policy for this (and if so, should I
> file bugs?), and how other people felt about this, and if there was
> any reason not to have the UIDs and GIDs correspond.
The reason is simple - it doesn't matter and you shouldn't concern
yourself with such detail. uids map to usernames so that you can
concentrate on meaningful names rather than meaningless 16 bit
There isn't a one-to-one correspondence between users and groups because
this is usually pointless, and because of the following entirely
realistic (but made up by me) type of scenario:
postfix runs as the postfix user
postfixadmin runs as the postfixadmin user
mailscanner and spamassassin run as the mailscan user
all three daemon users have the "mail" group as their primary group.
At this point you have lost the synchronization between uid and gid
sequencing and have to insert two blank groups to get it back. This is
so grossly inelegant it defies description, utterly completely
pointless and a total waste of dev time.
Some of these accounts are defined in baselayout - the ones that can
reasonably be assumed to be needed on almost all machines. The rest
result from useradd/groupadd calls from the ebuild, which simply take
the next one in sequence.
The only broken app I have worked with in ages that required me to look
up a uid/gid for it's config was postfixadmin, for all others I simply
used the user/group name, which is totally sensible.
By all means file a bug, but be aware Jakub will probably close it
immediately as NOTABUG or WONTFIX
alan dot mckinnon at gmail dot com
email@example.com mailing list